OpenStack service limitations
OpenStack users, groups, and roles
Administrative privileges
No OpenStack user that you create while enabling the OpenStack CLI ever gets privileges exceeding administrative rights bound to a project.
This means that you cannot use an OpenStack user to create a new project. You must do so via the Cleura Cloud Management Panel, or the Cleura Cloud REST API.
It also means that you cannot use the following openstack
CLI commands; they all return Unauthorized
(HTTP 403):
openstack user [create|delete|list|set]
.You can use
openstack user show
andopenstack user password set
, but only for your own user account.openstack group <subcommand>
openstack role <subcommand>
openstack project <subcommand>
(exceptlist
).You can use
openstack project list
, but this will only list the project(s) that your user account has access to.openstack domain <subcommand>
Cinder
Volume backup service
Cleura Cloud does not support the OpenStack volume backup service (cinder-backup
).
For automated, scheduled volume snapshots, consider configuring your servers for Disaster Recovery (DR) via the Cleura Cloud Management Panel.
Nova
Nested virtualization
Running nested virtualization is only supported for Nova instances (servers) running Linux. The server must run a Linux kernel of version 5.0 or later, and QEMU/KVM 4.1 or later.
This means that you can run nested virtualization on servers booted from a CentOS 9 (or later), Ubuntu 20.04 (or later), or Debian 11 (or later) base image.
Furthermore, you must ensure that the Nova server passes the pcid
CPU feature flag to nested guests.
Maximum attached volumes per server
A Nova server in Cleura Cloud can concurrently attach a maximum of 25 persistent volumes.
This is a limitation of the virtio-blk
storage driver that ships as part of the guest operating system’s kernel.
Neutron
Dynamic routing
Neutron in Cleura Cloud does not support dynamic routing protocols in a customer-accessible manner. We currently do not expose the ability to configure BGP speakers or peers.
While Cleura Cloud does use BGP dynamic routing internally, our Neutron configuration restricts the ability to use these features to administrative accounts only.
Octavia
Dual-stack support
A single load balancer managed by OpenStack Octavia can support IPv4 or IPv6, but not both. To expose a service via IPv4 and IPv6, you must set up two separate load balancers pointing to the same backend.
Designate
The OpenStack Designate DNS-as-a-service (DNSaaS) facility is currently not available in Cleura Cloud. You must manage your own DNS records for public IP addresses.
Manila
The OpenStack Manila filesystem-as-a-service (FSaaS) facility is currently not available in Cleura Cloud. If you require multiple servers to be able to access the same files, create a server that exposes an internal NFS or CIFS service, backed by a Cinder volume.